About Us

Doing Business with ATI

We developed this information to provide our consortium members, subcontractors, and suppliers with the ability to quickly reference information that they will need to work with our company and navigate the federal marketplace.

icon

Advanced Technology International (ATI) is a nonprofit committed to our collaborative technology development model. Forming mutually beneficial relationships with our large business, small business and academia partners is key to that model, as we strive for excellence in delivery of outstanding technology innovation outcomes to our customers.

This information is one means of providing effective engagement with all of our industry partners, including the opportunity to connect with small, minority, women and veteran-owned small businesses interested in working with us.

We hope you find this information helpful. Please feel free to contact our ATI Contracts Team at 843-760-3278 or email us at contract.forms@ati.org.

Mica Dolan, CPCM
Senior Vice President, Contracts & Procurement
ATI
315 Sigma Drive
Summerville, SC 29486

Partnering with ATI

Obtaining a Dun & Bradstreet D-U-N-S® Number

In order to register in the System for Award Management (SAM), an organization will first need to receive a Data Universal Numbering System (D-U-N-S®) from Dun & Bradstreet. Your business Tax ID number, bank account, bank routing number and business address are necessary to apply for this number.

System for Award Management (SAM)

All companies desiring to do business with the Federal Government are required to have an active record on the Government’s System for Award Management (SAM).

SAM is the Official U.S. Government system that consolidated the capabilities of CCR/FedReg, ORCA and EPLS. There is NO fee to register.

ATI subcontractors and suppliers shall complete the Representations and Certifications in SAM.gov.

See How to Register in SAM for further information.

Obtaining a DD Form 2345 - Militarily Critical Technical Data Agreement

DD Form 2345 is required by U.S. contractors that wish to obtain access to unclassified technical data disclosing militarily critical technology with military or space application that is under the control of, or in the possession of the U.S. Department of Defense (DoD).

Many of ATI-managed consortia require prospective members to obtain a DD Form 2345. In order to obtain a DD Form 2345, an organization is required to have a Commercial and Government Entity (CAGE) code. An organization must register in the System for Award Management (SAM) in order to obtain a CAGE code. Lastly, in order to register in SAM, an organization will first need to receive a Data Universal Numbering System (DUNS). Your business Tax ID number, bank account, bank routing number and business address are also necessary.

Click on the video image below to view ATI’s training on How to Obtain a DD Form 2345 Certification:

How to obtain a DD Form 2345. (pdf document)

Small Business Requirements

It is the intent of ATI that small businesses are given the maximum practicable opportunity to compete for ATI purchases consistent with the efficient performance of our business. Each division in ATI will comply with the intent of the requirements set forth by FAR 52.219. Should your business meet any of the small business criteria listed, you are encouraged to contact sbadminSum@ati.org to be registered as a vendor with ATI and be considered for future purchases and business needs. For subcontracts that are subject to the Federal Acquisition Regulations, Small Business Classifications include (these are all self-certified classifications, except for the HUBZone):

  • Small Disadvantaged Business (SDB)
  • Woman Owned (WO)
  • HUBZone – (HUBZone Certification Application)
  • Veteran Owned (VO)
  • Service Disabled Veteran (SDVO)
  • Historically Black Colleges and Universities (HBCU)
  • Minority Institutions (MI)

 

For more information, please visit the following useful websites:

Representations and Certifications (Reps and Certs)

In accordance with FAR Subpart 4.12, ATI is prohibited from awarding a procurement funded under a U.S. Government contract unless the seller certifies it complies with certain U.S. Government policies and laws. In order to facilitate this requirement, your contracts or purchasing representative will verify your organization has active Representations and Certifications at SAM.gov.

Vendor Management

ATI maintains a database of all vendors, suppliers, and subcontractors who are and have done business with us. Please contact your contracts or purchasing representative to register as a new vendor or update previously submitted information as an existing member.

Vendor forms (including a W-9 Form, Electronic Funds Transfer Request Form and Vendor Questionnaire) can be provided to you via email for completion.

Invoicing and Prompt Payment

ATI’s standard payment terms are NET 30 days from the date an acceptable invoice is received. However, other payment terms may be negotiated with your contracts representative. Please refer to your subcontract agreement or purchase order for the applicable payment terms.

In order to facilitate prompt payment of invoices submitted to ATI, we ask that you please forward your invoices to afgforms@ati.org.

Please refer to your subcontract agreement or purchase order for guidance on submitting an acceptable invoice.

Payment Inquiries may be directed to your ATI subcontract representative or afgforms@ati.org

Contracting

ATI is committed to providing procurement services of the highest quality to exceed the expectations of all of our business partners. We ensure that ATI agreements reflect the best value for our clients and partners. It is our goal to build long term, mutually favorable relationships with our suppliers, subcontractors, team members and clients based on trusthonesty, and candor.

We welcome your questions and feedback as we strive to achieve our goals.

Please contact us!

Partnering with ATI

Obtaining a Dun & Bradstreet D-U-N-S® Number

In order to register in the System for Award Management (SAM), an organization will first need to receive a Data Universal Numbering System (D-U-N-S®) from Dun & Bradstreet. Your business Tax ID number, bank account, bank routing number and business address are necessary to apply for this number.

System for Award Management (SAM)

All companies desiring to do business with the Federal Government are required to have an active record on the Government’s System for Award Management (SAM).

SAM is the Official U.S. Government system that consolidated the capabilities of CCR/FedReg, ORCA and EPLS. There is NO fee to register.

ATI subcontractors and suppliers shall complete the Representations and Certifications in SAM.gov.

See How to Register in SAM for further information.

Obtaining a DD Form 2345 - Militarily Critical Technical Data Agreement

DD Form 2345 is required by U.S. contractors that wish to obtain access to unclassified technical data disclosing militarily critical technology with military or space application that is under the control of, or in the possession of the U.S. Department of Defense (DoD).

Many of ATI-managed consortia require prospective members to obtain a DD Form 2345. In order to obtain a DD Form 2345, an organization is required to have a Commercial and Government Entity (CAGE) code. An organization must register in the System for Award Management (SAM) in order to obtain a CAGE code. Lastly, in order to register in SAM, an organization will first need to receive a Data Universal Numbering System (DUNS). Your business Tax ID number, bank account, bank routing number and business address are also necessary.

Click on the video image below to view ATI’s training on How to Obtain a DD Form 2345 Certification:

How to obtain a DD Form 2345. (pdf document)

Small Business Requirements

It is the intent of ATI that small businesses are given the maximum practicable opportunity to compete for ATI purchases consistent with the efficient performance of our business. Each division in ATI will comply with the intent of the requirements set forth by FAR 52.219. Should your business meet any of the small business criteria listed, you are encouraged to contact sbadminSum@ati.org to be registered as a vendor with ATI and be considered for future purchases and business needs. For subcontracts that are subject to the Federal Acquisition Regulations, Small Business Classifications include (these are all self-certified classifications, except for the HUBZone):

  • Small Disadvantaged Business (SDB)
  • Woman Owned (WO)
  • HUBZone – (HUBZone Certification Application)
  • Veteran Owned (VO)
  • Service Disabled Veteran (SDVO)
  • Historically Black Colleges and Universities (HBCU)
  • Minority Institutions (MI)

 

For more information, please visit the following useful websites:

Representations and Certifications (Reps and Certs)

In accordance with FAR Subpart 4.12, ATI is prohibited from awarding a procurement funded under a U.S. Government contract unless the seller certifies it complies with certain U.S. Government policies and laws. In order to facilitate this requirement, your contracts or purchasing representative will verify your organization has active Representations and Certifications at SAM.gov.

Vendor Management

ATI maintains a database of all vendors, suppliers, and subcontractors who are and have done business with us. Please contact your contracts or purchasing representative to register as a new vendor or update previously submitted information as an existing member.

Vendor forms (including a W-9 Form, Electronic Funds Transfer Request Form and Vendor Questionnaire) can be provided to you via email for completion.

Invoicing and Prompt Payment

ATI’s standard payment terms are NET 30 days from the date an acceptable invoice is received. However, other payment terms may be negotiated with your contracts representative. Please refer to your subcontract agreement or purchase order for the applicable payment terms.

In order to facilitate prompt payment of invoices submitted to ATI, we ask that you please forward your invoices to afgforms@ati.org.

Please refer to your subcontract agreement or purchase order for guidance on submitting an acceptable invoice.

Payment Inquiries may be directed to your ATI subcontract representative or afgforms@ati.org

Contracting

ATI is committed to providing procurement services of the highest quality to exceed the expectations of all of our business partners. We ensure that ATI agreements reflect the best value for our clients and partners. It is our goal to build long term, mutually favorable relationships with our suppliers, subcontractors, team members and clients based on trusthonesty, and candor.

We welcome your questions and feedback as we strive to achieve our goals.

Please contact us!

Ethics & Compliance

Ethics & Compliance

ATI has implemented a Supplier Code of Conduct which outlines our expectations for the high ethical and compliance standards we require from our Suppliers. The Supplier Code of Conduct is reflective of the standards for ATI Associates, Executives, Director, Partners, and Affiliates. ATI expects its suppliers, subcontractors, and vendors to not only comply with the ATI Supplier Code of Conduct but to also have their own Code of Conduct applicable to their organization and business operations. We value our relationship with your organization and thank you for being part of the continued success of ATI. If you should have any questions regarding ATI’s Supplier Code of Conduct, or need further assistance, please contact:

Paige Shannon
Compliance Officer
315 Sigma Drive
Summerville, SC  29486
843-760-3638
paige.shannon@ati.org

ATI Ethics and Compliance Hotline

ATI has implemented an Ethics and Compliance Hotline (in accordance with FAR Part 52.203-13) to serve as a reporting mechanism through which employees, agents, and third party vendors may report suspected instances of improper conduct.

The hotline is available 24/7/365, and all reports may be made anonymously or named at:

Department of Defense (DoD) Hotline

The mission of the DoD Hotline is to provide a confidential, reliable means to report violations of law, rule or regulation, mismanagement, gross waste of funds, abuse of authority and classified information leaks involving the Department of Defense; as well as the detection and prevention of threats and danger to the public health and safety of the Department and our Nation.

Anyone may file a complaint with the DoD Hotline at 1-800-424-9098 to report fraud, misuse and misrepresentation relating to DoD contract.

A report can also be made through the Fraud Waste and Abuse website.

Additional Ethics and Compliance Resources

For more information on adherence to laws and establishing effective Ethics and Compliance Programs, please visit the following websites.

 

Below is a list of Integrated Compliance Solutions providing online training, hotline services, policy management, reporting and analytics, and more:

2019 NDAA Section 889

Section 889 of the 2019 National Defense Authorization Act prohibits the federal government, government contractors, and grant and loan recipients from procuring or using certain “covered telecommunication equipment or services” that are produced by Huawei, ZTE, Hytera, Hikvision, and Dahua and their subsidiaries as a “substantial or essential component of any system, or as critical technology as part of any system.”  This section of the 2019 NDAA has two sections both of which are in effect as of August 13, 2020.

Sec. 889(a)(1)(A) required the federal government, as of August 13, 2019, to not “procure or obtain or extend or renew a contract to procure or obtain any equipment, system, or service that uses covered telecommunication equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”

Sec. 889(a)(1)(B), which is slated to go into effect on August 13, 2020, will prohibit the federal government from entering into or extending or renewing contracts with any entity that “uses any equipment, system, or service that uses covered telecommunication equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”

Section 889(a)(1)(A) and 889(a)(1)(B) are incorporated into the Federal Acquisition Regulation (FAR) as sections 52.204-24; 52.204-25; and 52.204-26.

The following links include additional information about Section 889 of the 2019 NDAA:

Ethics & Compliance

Ethics & Compliance

ATI has implemented a Supplier Code of Conduct which outlines our expectations for the high ethical and compliance standards we require from our Suppliers. The Supplier Code of Conduct is reflective of the standards for ATI Associates, Executives, Director, Partners, and Affiliates. ATI expects its suppliers, subcontractors, and vendors to not only comply with the ATI Supplier Code of Conduct but to also have their own Code of Conduct applicable to their organization and business operations. We value our relationship with your organization and thank you for being part of the continued success of ATI. If you should have any questions regarding ATI’s Supplier Code of Conduct, or need further assistance, please contact:

Paige Shannon
Compliance Officer
315 Sigma Drive
Summerville, SC  29486
843-760-3638
paige.shannon@ati.org

ATI Ethics and Compliance Hotline

ATI has implemented an Ethics and Compliance Hotline (in accordance with FAR Part 52.203-13) to serve as a reporting mechanism through which employees, agents, and third party vendors may report suspected instances of improper conduct.

The hotline is available 24/7/365, and all reports may be made anonymously or named at:

Department of Defense (DoD) Hotline

The mission of the DoD Hotline is to provide a confidential, reliable means to report violations of law, rule or regulation, mismanagement, gross waste of funds, abuse of authority and classified information leaks involving the Department of Defense; as well as the detection and prevention of threats and danger to the public health and safety of the Department and our Nation.

Anyone may file a complaint with the DoD Hotline at 1-800-424-9098 to report fraud, misuse and misrepresentation relating to DoD contract.

A report can also be made through the Fraud Waste and Abuse website.

Additional Ethics and Compliance Resources

For more information on adherence to laws and establishing effective Ethics and Compliance Programs, please visit the following websites.

 

Below is a list of Integrated Compliance Solutions providing online training, hotline services, policy management, reporting and analytics, and more:

2019 NDAA Section 889

Section 889 of the 2019 National Defense Authorization Act prohibits the federal government, government contractors, and grant and loan recipients from procuring or using certain “covered telecommunication equipment or services” that are produced by Huawei, ZTE, Hytera, Hikvision, and Dahua and their subsidiaries as a “substantial or essential component of any system, or as critical technology as part of any system.”  This section of the 2019 NDAA has two sections both of which are in effect as of August 13, 2020.

Sec. 889(a)(1)(A) required the federal government, as of August 13, 2019, to not “procure or obtain or extend or renew a contract to procure or obtain any equipment, system, or service that uses covered telecommunication equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”

Sec. 889(a)(1)(B), which is slated to go into effect on August 13, 2020, will prohibit the federal government from entering into or extending or renewing contracts with any entity that “uses any equipment, system, or service that uses covered telecommunication equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.”

Section 889(a)(1)(A) and 889(a)(1)(B) are incorporated into the Federal Acquisition Regulation (FAR) as sections 52.204-24; 52.204-25; and 52.204-26.

The following links include additional information about Section 889 of the 2019 NDAA:

Cybersecurity

Cybersecurity - Adhering to New DoD Requirements

In October of 2016, DoD adopted a final rule amending the Defense Federal Acquisition Regulation (DFARS), which requires contractors to report on network penetrations. While the main elements of the DFARS Clause 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) remained intact, the final rule and DFARS clause 252.204-7012 did include several updates and clarifications. However, please be advised that your company should adhere to the version of the DFARS clause contained in your subcontract agreement. The current version of the DFARS clause is available here.

On November 30, 2020, the DFARS was amended to include additional cyber provisions related to assessment requirements and Cybersecurity Maturity Model Certification (CMMC). The additional provisions are DFARS clause 252.204-7019, 252.204-7020 and 252.204-7020. The current version of those clauses are available here.

New Document DoD Guidance on Cyber Security

Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification, or CMMC, is the next stage in the Department of Defense’s (DoD) efforts to properly secure the Defense Industrial Base (DIB). In the simplest of terms, the DoD announced in mid 2019 that it is creating a cybersecurity assessment model and certification program. On January 31st, 2020, DoD officials released CMMC 1.0. The current version of the model is CMMC 1.2 and is available here.

  • The CMMC combines various cybersecurity standards and best practices and maps these controls and processes across several maturity levels that range from basic to advanced cyber hygiene. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats.
  • The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.
  • The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.
  • The intent is for certified independent 3rd party organizations to conduct audits and inform risk.

For additional information, please reference the DoD Acquisition website pertaining to CMMC (https://www.acq.osd.mil/cmmc/index.html) and the CMMC Accreditation Body website (https://www.cmmcab.org/).

CMMC Resources:

 

Here is the Q&A from the Webinar.

CMMC Webinar hosted by ATI on February 20, 2020:

NIST 800-171 Assessment

The National Institute of Standards and Technology (NIST) guidelines 800-171 Revision 1 (Protecting Controlled Unclassified Information in NonFederal Information Systems and Organizations) were released in June 2015. NIST 800-171 outlines a subset of the NIST 800-53 requirements. Detailed mapping is available in the NIST Special Publication 800-171 Revision 1, Appendix D, Table D-1, page 30. ATI is providing a Checklist Framework (pdf format) that you can use to assist in determining if you are NIST compliant and where you may need to enhance security measures. The NIST Cybersecurity Self-Assessment Handbook is for assessing NIST SP 800-171 Security Requirements in response to DFARS Cybersecurity Requirements. In addition, DoD released assessment guidelines for CMMC at level 1 and level 3. Those guidelines can be found here.

DFARS 252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements (NOV 2020) require all contractors, subject to implementation of the NIST SP 800-171 standard, have a current (completed within the past 3 years) DoD Assessment on record in the DoD’s Supplier Performance Risk System (SPRS). Contractors are encouraged to do a Basic Self-Assessment using the NIST 800-171 DoD Assessment Methodology and upload it into SPRS now, if they intend to respond to future solicitations where this assessment will likely be required prior to award.

Compliance Resources

The following is a list of resources to assist you in identifying areas that need improvement in your security requirements checklist. These resources may also provide assistance in becoming NIST 800-171 compliant.

Additional Cybersecurity Resources

Tips to Improve Cybersecurity

  • Train employees in security principles – have standards of protocol and behavior
  • Protect hardware, networks and information – update antivirus software
  • Create mobile device action plan – use password protection, encrypt data and use security apps on phones that have access to confidential information; establish reporting procedure for lost or stolen phones
  • Back up important data and information – back up documents and information to computers and to the cloud or offsite
  • Control physical access to computers – lock up laptops when unused; create user accounts for each employee; allow administrative privileges only to trusted IT staff and personnel
  • Secure Wi-Fi networks – make sure wireless is encrypted, SSID is hidden and networks have passwords
  • Use best practices with payment cards – work with banks and processors to set up anti-fraud services; do not use the same computer to process payments and surf the internet
  • Limit employee access and authority – give employees access only to the data systems necessary for their tasks; do not allow installation of software without permission
  • Require passwords and authentication – have employees use unique passwords and require them to change these passwords every three months; consider further authentication practices with additional information; check with vendors who handle sensitive information

 

Information Source: U.S. Small Business Administration.

June 23, 2017 - DoD Industry Information Day

On June 23, 2017, the Chief Information Officer of DoD hosted an Industry Information Day to brief the implementation of the new Cybersecurity rules, and to address industry feedback. Attached, for your convenience, is a copy of the very detailed presentation regarding “Cybersecurity Challenges – Protecting DoD’s Unclassified information”.

Cybersecurity

Cybersecurity - Adhering to New DoD Requirements

In October of 2016, DoD adopted a final rule amending the Defense Federal Acquisition Regulation (DFARS), which requires contractors to report on network penetrations. While the main elements of the DFARS Clause 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) remained intact, the final rule and DFARS clause 252.204-7012 did include several updates and clarifications. However, please be advised that your company should adhere to the version of the DFARS clause contained in your subcontract agreement. The current version of the DFARS clause is available here.

On November 30, 2020, the DFARS was amended to include additional cyber provisions related to assessment requirements and Cybersecurity Maturity Model Certification (CMMC). The additional provisions are DFARS clause 252.204-7019, 252.204-7020 and 252.204-7020. The current version of those clauses are available here.

New Document DoD Guidance on Cyber Security

Cybersecurity Maturity Model Certification

The Cybersecurity Maturity Model Certification, or CMMC, is the next stage in the Department of Defense’s (DoD) efforts to properly secure the Defense Industrial Base (DIB). In the simplest of terms, the DoD announced in mid 2019 that it is creating a cybersecurity assessment model and certification program. On January 31st, 2020, DoD officials released CMMC 1.0. The current version of the model is CMMC 1.2 and is available here.

  • The CMMC combines various cybersecurity standards and best practices and maps these controls and processes across several maturity levels that range from basic to advanced cyber hygiene. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats.
  • The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.
  • The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.
  • The intent is for certified independent 3rd party organizations to conduct audits and inform risk.

For additional information, please reference the DoD Acquisition website pertaining to CMMC (https://www.acq.osd.mil/cmmc/index.html) and the CMMC Accreditation Body website (https://www.cmmcab.org/).

CMMC Resources:

 

Here is the Q&A from the Webinar.

CMMC Webinar hosted by ATI on February 20, 2020:

NIST 800-171 Assessment

The National Institute of Standards and Technology (NIST) guidelines 800-171 Revision 1 (Protecting Controlled Unclassified Information in NonFederal Information Systems and Organizations) were released in June 2015. NIST 800-171 outlines a subset of the NIST 800-53 requirements. Detailed mapping is available in the NIST Special Publication 800-171 Revision 1, Appendix D, Table D-1, page 30. ATI is providing a Checklist Framework (pdf format) that you can use to assist in determining if you are NIST compliant and where you may need to enhance security measures. The NIST Cybersecurity Self-Assessment Handbook is for assessing NIST SP 800-171 Security Requirements in response to DFARS Cybersecurity Requirements. In addition, DoD released assessment guidelines for CMMC at level 1 and level 3. Those guidelines can be found here.

DFARS 252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements (NOV 2020) require all contractors, subject to implementation of the NIST SP 800-171 standard, have a current (completed within the past 3 years) DoD Assessment on record in the DoD’s Supplier Performance Risk System (SPRS). Contractors are encouraged to do a Basic Self-Assessment using the NIST 800-171 DoD Assessment Methodology and upload it into SPRS now, if they intend to respond to future solicitations where this assessment will likely be required prior to award.

Compliance Resources

The following is a list of resources to assist you in identifying areas that need improvement in your security requirements checklist. These resources may also provide assistance in becoming NIST 800-171 compliant.

Tips to Improve Cybersecurity

  • Train employees in security principles – have standards of protocol and behavior
  • Protect hardware, networks and information – update antivirus software
  • Create mobile device action plan – use password protection, encrypt data and use security apps on phones that have access to confidential information; establish reporting procedure for lost or stolen phones
  • Back up important data and information – back up documents and information to computers and to the cloud or offsite
  • Control physical access to computers – lock up laptops when unused; create user accounts for each employee; allow administrative privileges only to trusted IT staff and personnel
  • Secure Wi-Fi networks – make sure wireless is encrypted, SSID is hidden and networks have passwords
  • Use best practices with payment cards – work with banks and processors to set up anti-fraud services; do not use the same computer to process payments and surf the internet
  • Limit employee access and authority – give employees access only to the data systems necessary for their tasks; do not allow installation of software without permission
  • Require passwords and authentication – have employees use unique passwords and require them to change these passwords every three months; consider further authentication practices with additional information; check with vendors who handle sensitive information

 

Information Source: U.S. Small Business Administration.

June 23, 2017 - DoD Industry Information Day

On June 23, 2017, the Chief Information Officer of DoD hosted an Industry Information Day to brief the implementation of the new Cybersecurity rules, and to address industry feedback. Attached, for your convenience, is a copy of the very detailed presentation regarding “Cybersecurity Challenges – Protecting DoD’s Unclassified information”.

Cookies

This site uses cookies: Find out more.